# frozen_string_literal: true
# Base Pundit policy that other policies inherit from.
#
# Collection and write actions (+index?+, +create?+, +update?+, +destroy?+)
# are denied here, so a subclass has to opt in to each one explicitly.
# +show?+ is the exception: it is decided by the policy scope, and the
# nested Scope in this base class resolves to +scope.all+. A model whose
# policy does not narrow Scope#resolve therefore treats every existing
# record as showable.
class ApplicationPolicy
  attr_reader :user, :record

  # @param user [Object, nil] the acting user; +admin_override+ tolerates nil
  # @param record [Object] the object being authorized
  def initialize(user, record)
    @user, @record = user, record
  end

  # Listing is denied unless a subclass overrides this.
  def index?
    false
  end

  # A record is showable when it appears in the policy scope resolved for
  # this user. The check is a lookup by +record.id+ inside that scope.
  def show?
    visible = scope.where(id: record.id)
    visible.exists?
  end

  # Creation is denied unless a subclass overrides this.
  def create?
    false
  end

  # Rendering the "new" form follows whatever +create?+ decides, including
  # a subclass override of +create?+.
  def new?
    create?
  end

  # Updating is denied unless a subclass overrides this.
  def update?
    false
  end

  # Rendering the "edit" form follows whatever +update?+ decides, including
  # a subclass override of +update?+.
  def edit?
    update?
  end

  # Deletion is denied unless a subclass overrides this.
  def destroy?
    false
  end

  # TODO: update this function to enable some flag in the interface
  # so that admins usually can't do super admin stuff unless they
  # explicitly say they want to (E.g. seeing/editing/deleting private
  # maps - they should be able to, but not by accident)
  #
  # Until that flag exists this simply hands back the user's +admin+ value,
  # so any rule that consults it applies to admins unconditionally.
  #
  # @return [Object, nil] +user.admin+, or nil when there is no user
  def admin_override
    user.admin unless user.nil?
  end

  # Policy scope for the record's class, looked up through Pundit. The bang
  # variant raises rather than returning nil when no scope class is found.
  def scope
    model = record.class
    Pundit.policy_scope!(user, model)
  end

  # Default policy scope. It places no restriction on the relation it is
  # given; policies for models with private rows need their own +resolve+.
  class Scope
    attr_reader :user, :scope

    # @param user [Object, nil] the acting user
    # @param scope [Object] the relation or model class to be narrowed
    def initialize(user, scope)
      @user, @scope = user, scope
    end

    # @return [Object] +scope.all+, i.e. the unfiltered relation
    def resolve
      scope.all
    end
  end
end